Cartography is a Python-based tool that collects infrastructure assets and their relationships into a graph view.
Cartography is open-source and was developed in-house at Lyft to solve offensive security scenarios. Today, Cartography is also used at Lyft to solve other InfoSec use cases, like container vulnerability management.
Cartography is built on top of the Neo4j graph data platform. The power of the graph is that it facilitates the exploration of many-to-many relationships.
In this episode, Alex and I discuss the origins of Cartography, how the engineering team at Lyft uses Cartography data for remediation of security issues, and how the graph powers an automated issue management system.